package com.cool.config.springsecurity;

import com.cool.config.UriPath;
import com.cool.service.sysmanage.PermissionService;
import com.cool.utils.SpringContextUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Service;
import org.springframework.util.AntPathMatcher;

import javax.annotation.Resource;
import java.util.*;

/**
 * 安全元数据来源
 *
 * @author Jiangmanman
 * @date 2020/07/26
 */
@Slf4j
public class SecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * 返回URL需要的权限集合
     *
     * @param object 对象
     * @return {@link Collection <ConfigAttribute> }
     * @author Jiangmanman
     * @date 2020/07/27
     */
    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {

        FilterInvocation filterInvocation = (FilterInvocation) object;

        String requestUrl = filterInvocation.getRequestUrl();

        return getConfigAttribute(requestUrl);
    }

    /**
     * 自定义方法,通过 URL 得到所需权限
     *
     * @return {@link Collection <ConfigAttribute> }
     * @author Jiangmanman
     * @date 2020/07/27
     */
    Collection<ConfigAttribute> getConfigAttribute(String requestUrl) {

        PermissionService permissionService = SpringContextUtil.getBean(PermissionService.class);
//        UriPath usiPath = SpringContextUtil.getBean(UriPath.class);
//        List<String> allow = usiPath.getAllow();
        List<String> allow =  permissionService.selectAllUri();
//        List<String> allow =  new ArrayList<>();


        //遍历需要角色验证的URI
        for (String str : allow) {
            if (antPathMatcher.match(str, requestUrl)) {

                List<String> roleStr = permissionService.selectByUri(str);

                String[] strings = roleStr.toArray(new String[0]);

                log.info("URI:"+requestUrl+" 需要角色: "+ Arrays.toString(strings));
                if(strings.length < 1 ){
                    //如果URI需要验证,但是并没有找到相应的角色,默认给一个需要登录的权限
                    return SecurityConfig.createList("userLogin");
                }
                return SecurityConfig.createList(strings);

            }
        }
        //没配URI,则说明这个URI不需要任何权限
        return null;
    }


        /**
         * 判断哪些权限是正常的权限
         *
         * @return {@link Collection <ConfigAttribute> }
         * @author Jiangmanman
         * @date 2020/07/26
         */
        @Override
        public Collection<ConfigAttribute> getAllConfigAttributes () {
            return null;
        }

        /**
         * 判断哪些对象是可以进行权限判断的
         * @param aClass
         * @return
         */
        @Override
        public boolean supports (Class < ? > aClass){
            return false;
        }
    }
